package com.hnyfkj.jyindustry.common.xss;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @program: jyindustry
 * @description:xxs过滤类，防止xxs攻击
 * @author: zl
 * @create: 2020-07-09 18:05
 **/
public class XssFilter implements Filter {

	@Override
	public void init(final FilterConfig config) throws ServletException {
	}

	@Override
	public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
			throws IOException, ServletException {
		final XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
		setRespHeader((HttpServletResponse) response);
		chain.doFilter(xssRequest, response);
	}

	@Override
	public void destroy() {
	}

	// 使用强缓存
	private void setRespHeader(final HttpServletResponse response) {
		response.setHeader("Pragma", "no-cache");
		response.setDateHeader("Expires", 0);
		response.addHeader("Cache-Control", "no-cache");
	}

}